The CyberWire Daily Podcast 4.10.17
Ep 324 | 4.10.17

Information operations respond to kinetic strikes. Dallas emergency sirens hacked. Alleged spam king arrested. Okta files its IPO.

Transcript

Dave Bittner: [00:00:00:15] Hi everyone, it's Dave. Before we start today's CyberWire podcast I wanna let you all know about a new podcast we're excited to be producing in partnership with our friends at Recorded Future. It's focused on threat intelligence, it comes out once a week and we hope you'll check it out and help spread the word. You can search on iTunes for Recorded Future or visit recordedfuture.com/podcast. Thanks in advance for checking it out, and we'd love to know what you think. Now here's our show.

Dave Bittner: [00:00:29:23] US strikes against Syrian targets and harsh words for Assad are followed by apparent Russian information operations as bilateral tensions mount. Both WikiLeaks and the Shadow Brokers resurfaced late last week. Dallas emergency sirens were hacked early Saturday. Spanish police collar the alleged "spam king."

Dave Bittner: [00:00:56:03] Time to thank our sponsor Palo Alto Networks. You can visit them at go.paloaltonetworks.com/secureclouds. With the adoption of software as a service application data now lives beyond the traditional network perimeter. What are you doing to keep your organization's data protected in this new environment? Palo Alto Networks' integrated platform provides detailed software as a service visibility and granular control, data governance, automated risk remediation and malware prevention so organizations can achieve complete cloud security even in SaaS applications. Palo Alto Networks has the broadest, most comprehensive cyber security for all cloud and software as a service environments because secure clouds are happy clouds. Find out how to secure yours at go.paloaltonetworks.com/secureclouds. And we thank Palo Alto Networks for sponsoring our show.

Dave Bittner: [00:01:58:06] Major funding for the CyberWire podcast is provided by Cylance. I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, April 10th, 2017.

Dave Bittner: [00:02:07:18] Kinetic operations again have concomitant information operations. US Tomahawk strikes hit Syrian government installations in response to the Assad regime's use of chemical agents—probably the lethal nerve agent Sarin—against domestic and largely civilian targets. The strikes, and hardline US rhetoric against Assad in the UN and elsewhere, have strained US-Russian relations, and the information operations that have emerged in response have Russian fingerprints all over them.

Dave Bittner: [00:02:39:11] The Shadow Brokers are back, this time with files they claim are "NSA passwords." The group resurfaced with unpleasant things to say about US President Trump, the scriptwriter's broken English of their communique saying that they're "no longer" his supporters, and that he's abandoned "his base." To quote them, "TheShadowBrokers voted for you. TheShadowBrokers supports you. TheShadowBrokers is losing faith in you. Mr. Trump helping theshadowbrokers, helping you. Is appearing you are abandoning “your base”, “the movement”, and the peoples who's getting you elected." We leave out a great deal more that could have come from, say, Pepe the Frog, but the tone is a shrill example of the fringiest alt-right themes. Oh, and the Shadow Brokers also say they've taken an oath "to protect and defend against enemies foreign and domestic," which is, of course, a riff on the US military oath.

Dave Bittner: [00:03:32:00] So President Trump has either fallen out of favor with the Shadow Brokers' (presumably Russian) masters or he was never in that much favor to begin with. Motherboard, often in communication with the Brokers, has asked for clarification, but received none. The Shadow Brokers again deny they have anything to do with the Russian government, but essentially no one believes them.

Dave Bittner: [00:03:53:19] Edward Snowden, who knows something about leaks and scandals, appears to think the Shadow Brokers might have overplayed their hand. He tweeted Saturday that "there's still so much here NSA should be able to instantly identify where this set came from and how they lost it. If they can't, it's a scandal."

Dave Bittner: [00:04:12:20] Al-Masdar News, an outlet based in the UAE but generally regarded as closely aligned with Syria's Assad regime and thus a mouthpiece for Russian policy in the area, claimed Friday it was the victim of a cyberattack that originated somewhere in the US. No other sources appear to have taken notice of the allegation, so the claimed attack may be disinformation.

Dave Bittner: [00:04:35:09] At the end of last week WikiLeaks issued another, smaller tranche of what purport to be CIA documents, but these don't arrive with the éclat that accompanied earlier releases. They're generally being perceived as leaks intended simply to damage US intelligence services, without the aura of whistleblowing that colored some earlier WikiLeaks dumps. After all, people say, the CIA is in the business of collecting foreign intelligence, and the dudgeon is too studied, too manufactured, like Captain Renault's shock at learning there's gambling in Casablanca.

Dave Bittner: [00:05:07:19] Tomorrow is Patch Tuesday, and Microsoft will probably, observers think, issue a relatively light set of fixes. Among them, however, is expected to be a patch for an Office zero-day being actively exploited in the wild.

Dave Bittner: [00:05:21:08] Wrapping up our daily podcast coverage of the recent Women in Cyber Security Conference, today we hear from Kathleen Smith, Chief Marketing Officer for CyberSecJobs.com and ClearedJobs.Net. She shared her perspective as a recruiter on where prospective employees should be focusing their efforts.

Kathleen Smith: [00:05:39:00] If you understand the technical and can do the technical that's great. What's really needed right now are the people that understand the business. The people that can understand how to explain the risk that is being presented to the company, how to gather the teams. Those skills are still very important. So someone getting into the workforce, that's really great that you've got the certifications, it's really great that you know, maybe Python or Kali Linux or something like that but if you can't explain yourself to your manager you're going to have a problem moving on in your career. So do take that time to do a Toastmasters. To put together a presentation and go to a meetup. Really work on your writing skills. It's amazing how many people are not working on their writing skills.

Kathleen Smith: [00:06:31:19] I think the other thing is reverse recruiting. This is a term that sort of popped up over the last year or so and many security managers are saying, you know, I have recruiters that are helping me find talent. But recruiters aren't trained on what cyber security is. And I know a lot of people are very frustrated with recruiters who don't understand the technical components but maybe take a step back and explain to a recruiter exactly what you do. Explain, instead of reverse engineering reverse recruiting. This is why you need me. These are the skills that I can bring to you. You have in this job description these things that you need to do, you know, can we take this offline and do you really understand what this is?

Kathleen Smith: [00:07:17:13] Because I think we'll be able to make a difference in the workforce gap if we have job seekers who really are willing to be patient and explain to recruiters, you know, you actually contacted me about pen testing. That's not really what I do, you know, maybe take a little pity on one out of every ten recruiters that gives you a bad approach and explain to them "do you know why this isn't going to work?" and maybe, you know, we can have a different kind of conversation.

Kathleen Smith: [00:07:46:18] I do think that we're unfortunately being impacted by buzzwords and I have been part of many of the scholarship review committees and I'm really concerned with the number of people who want to come into cyber security and they're doing it just because they see the buzzword. Realize that if you're gonna take on a career it has to be something that inspires and you're passionate about. Don't go after a career because, you know, it's all in the headlines and it's a buzzword and, you know, they say that there's a skills gap. I mean there are many other industries that could use your talent and you would be much more happy. So I was a little discouraged when I've been part of several of the scholarship committees and seeing people who submit an application and their heart is just not in it. Please don't do that to yourself and please don't do that to the community.

Dave Bittner: [00:08:40:18] That's Kathleen Smith from CyberSecJobs.com and ClearedJobs.Net. You can hear more from her in our upcoming CyberWire Women in Cyber Security Conference special edition.

Dave Bittner: [00:08:53:17] In industry news, Okta issues an IPO, the first major IPO in the cybersecurity sector this year. The company seeks to raise $187 million at a unicorn's valuation of $1.5 billion.

Dave Bittner: [00:09:08:12] Hackers set off emergency-warning sirens in Dallas, Texas, early Saturday morning. These are the sirens residents of the US Atlantic and Pacific coasts tend to think of as "air raid sirens" and regard as relics of the Second World War (if they think of them at all). But in Tornado Alley between the Appalachians and the Rockies, they see serious and regular use in warning people that tornadoes are in the area, and that they should take cover, so this is far from a harmless prank. The city shut down the sirens at about 1:20 A.M. Saturday, and despite their best efforts to convince people there was no emergency, the Dallas 911 system was flooded with calls to the extent that callers experienced waits of as long as six minutes. Dallas is investigating, and has confirmed that it was a system compromise, and not a mere glitch. Whoever was responsible is believed to be in the Dallas area.

Dave Bittner: [00:09:59:19] Spanish police have arrested the alleged "spam king" Pyotr Levashov. Mr. Levashov is a Russian national who operated under the nom-du-hack "Pyotr Severa", that is, "Peter of the North," and was associated with the Kelihos botnet. The St. Petersburg native is wanted practically everywhere but especially in the US. He was vacationing in Spain with his family. Interestingly, Russian news outlet RT has suggested that Mr. Levashov is behind much of the election messaging the Russian government denies having anything to do with. The US Justice Department says it's interested in Mr. Levashov as a criminal, not as an agent of influence.

Dave Bittner: [00:10:43:11] Time to take a moment to tell you about our sponsor Control Risks. For 41 years across over 130 countries Control Risks has partnered with the world's leading companies to help them succeed in complex, physical, political and virtual risk environments. They've been with their clients as risks have evolved, from kidnapping in the jungles of Colombia to extortion by cyber attack. In an increasingly interconnected world cyber risks are everywhere you operate. Control Risks has a comprehensive view of cyber security as a business risk within a context of geopolitical, reputational, regulatory and competitive complexity. And thanks to their unique heritage they provide clarity and actionable guidance that only decades of risk experience can bring. Control Risks brings order to chaos. Let them show you what over 40 years in the risk business has taught them. Find out more at controlrisks.com/cyberwire. That's controlrisks.com/cyberwire. And we thank Control Risks for sponsoring our show.

Dave Bittner: [00:11:50:23] Joining me once again is Joe Carrigan, he's from the Johns Hopkins University Information Security Institute. Joe you're familiar with the GPS navigational software Waze?

Joe Carrigan: [00:11:59:20] Yes, I myself am Waze royalty.

Dave Bittner: [00:12:02:23] Waze is expanding, they're joining the SmartDeviceLink Consortium which is a group that works with automakers and developers on open source protocols for connecting smart devices to cars and so this means that the Waze app will be on your built-in screen on your car.

Joe Carrigan: [00:12:20:15] Right.

Dave Bittner: [00:12:21:00] That's a good thing but the interesting thing about this is that it means that Waze will also be able to get more data from the vehicle itself.

Joe Carrigan: [00:12:27:07] Right. The app will have information to things like fuel levels, whether or not the wiper blades are on, how hard you're applying the brakes. And this all has very real and potentially beneficial outcomes if up ahead of me, a quarter of a mile seven people who are Waze users all slam on their brakes, something has happened, maybe Waze could in real time notify me that something, there's a hazard on the road ahead or if I'm running a little on gas Waze can say "you're running low on gas, do you want to find a gas station?" But, you know, there are some privacy concerns. Like what's to say "hey you're running low on gas, why don't you go to my advertiser's gas station up here?"

Dave Bittner: [00:13:04:14] Well and also I can imagine, what happens with insurance companies and potential litigation, you know, you get in an accident and are they going to subpoena the information from Google?

Joe Carrigan: [00:13:13:24] Yes, does this information become discoverable?

Dave Bittner: [00:13:14:23] Right.

Joe Carrigan: [00:13:16:05] I can definitely see that happening in a society as litigious as ours here in the states.

Dave Bittner: [00:13:21:21] It was interesting there was an article in Wired about this and they were interviewing someone who said that he thought that, you know, every time consumers give up a little bit of their privacy that, you know, he thought this would be where they put their foot down but no.

Joe Carrigan: [00:13:37:06] They don't, no. We're so willing to just give up whatever we want for the next loyalty program. You know then there's also the concern of how is this getting the information from the car? It has to be used in the CAN bus somehow. I like that the protocols are open-sourced so that means they're gonna be able to be examined, people are gonna be able to assess them for security but anytime something gets access to the CAN bus, you know I'm not ready to panic here, I'm not ready to say "argh it's gonna crash your car" but I do remember that Charlie Miller and Chris Valasek came into a Jeep and took over control of the Jeep through the CAN bus across the Wi-Fi access point on the car.

Dave Bittner: [00:14:15:15] Yeah, attack surface area.

Joe Carrigan: [00:14:16:23] Again we're talking about attack surface. I don't know that this is gonna be a real issue 'cause I think the app lives on your phone. Maybe the data is just going one way. I have no idea, I'm really not very knowledgeable about this consortium or what their protocols look like. But, you know, it makes me a little curious I'll say.

Dave Bittner: [00:14:33:03] Well I think it's the shape of things to come. You want, it's that old saying that if you're getting something for free you're the product.

Joe Carrigan: [00:14:40:23] Right, exactly, that's exactly right.

Dave Bittner: [00:14:42:24] All right, Joe Carrigan, thanks for joining us.

Joe Carrigan: [00:14:44:22] My pleasure, Dave.

Dave Bittner: [00:14:48:04] And that's the CyberWire. Thanks to all of our sponsors who make the CyberWire possible, especially to our sustaining sponsor, Cylance. To find out how Cylance can protect you from cyber attacks head on over to cylance.com. The CyberWire podcast is produced by Pratt Street Media, our Editor is John Petrik, our Social Media Editor is Jennifer Eiben, our Technical Editor is Chris Russell, Executive Editor is Peter Kilpe and I'm Dave Bittner. Thanks for listening.